Enable null api_token provider configuration

[Conflit-de-Bus]

What is currently missing?

The Aiven provider can not be initialized with null values for the api_token value.

This can cause problems, especially since the addition of application users to Aiven in april.

In our Terraform stacks, we can get application user credentials from another in-house provider. However, because these are created with a resource, they are evaluated after the initialization phase of the provider. Not being able to initialize the provider with a null api_token means a Terraform stack using this principle needs to have its configuration changed after the credentials are generated, to add the Aiven resources after the fact.

If such an operation is attempted now, the following message is returned by the Aiven provider during the terraform plan:

│ Error: token is required for Aiven client
│ 
│   with provider["registry.terraform.io/aiven/aiven"],

Which I guess comes from this part:

terraform-provider-aiven/internal/common/client.go

Line 34 in b4f7493

return nil, fmt.Errorf("token is required for Aiven client")

How could this be improved?

This could be improved if the provider accepted null (or placeholder) values in its initialization phase.

Is this a feature you would work on yourself?

• I plan to open a pull request for this feature.

[byashimov]

Hey!
Could you share a bit more about how you’re using (or planning to use) the Aiven provider? And how would you like to handle passing the token to the provider within your workflow?

Thanks!

[Conflit-de-Bus]

Hello @byashimov

Thank you for your answer, and sorry for the delay.

What I'd like to be able to do, is to initialize the Aiven provider, without needing credentials passed to it. In other words, I'd like it to fail when trying to perform the api calls necessary for the resource management, not at the beginning of the plan. I don't need it do do anything, just not throw an error when trying for a plan.

This is important to us, because we have an internal custom provider, that creates our Aiven projects, as well as gives us the credentials to connect to them.

For example, I'd like the following code:

resource "our_internal_aiven_project_creator" "aiven_project" {
  <some configuration>
}

resource "aiven_pg" "pg" {
  <some configuration>
}

provider "aiven" {
  api_token = our_internal_aiven_project_creator.aiven_project.aiven_token
}

to be able to plan without problems. Currently, this would throw "Error: token is required for Aiven client" because the aiven_token value is not defined at the beginning of the plan

In general, I'd just like to be able to do

provider "aiven" {
  api_token = null
}

Even if the apply fails when trying to create the PG service, at least we can apply our Terraform code selectively, and don't need to edit the code itself: we can create the infrastructure in 2 steps, one for the project/credentials, and one for the pg service.

I hope my explanation is understandable, if not, I can try to give additional details. This is something that works on the google tf provider, and having this would greatly help us.

Thanks!